Static Analysis for Security

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/MSP.2004.111

November-December 2004 (vol. 2 no. 6) pp. 76-79

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Brian Chess Articles by Gary McGraw

	ASCII Text	x
	Brian Chess, Gary McGraw, "Static Analysis for Security," IEEE Security and Privacy, vol. 2, no. 6, pp. 76-79, November-December, 2004.

	BibTex	x
	@article{ 10.1109/MSP.2004.111, author = {Brian Chess and Gary McGraw}, title = {Static Analysis for Security}, journal ={IEEE Security and Privacy}, volume = {2}, number = {6}, issn = {1540-7993}, year = {2004}, pages = {76-79}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2004.111}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Static Analysis for Security IS - 6 SN - 1540-7993 SP76 EP79 EPD - 76-79 A1 - Brian Chess, A1 - Gary McGraw, PY - 2004 KW - software development life cycle KW - source code KW - static analysis VL - 2 JA - IEEE Security and Privacy ER -

Brian Chess, Fortify Software

Gary McGraw, Cigital

All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Here, we'll look at how to automate source-code security analysis with static analysis tools.

Index Terms:

software development life cycle, source code, static analysis

Citation:

Brian Chess, Gary McGraw, "Static Analysis for Security," IEEE Security and Privacy, vol. 2, no. 6, pp. 76-79, Nov. 2004, doi:10.1109/MSP.2004.111

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.